April 24, 2024 at 10:26AM
Waterfall Security Solutions and ICS Strive’s “2024 Threat Report” notes a 19% increase in cyberattacks causing physical consequences, with 68 attacks recorded in 2023. Despite the increase, ransomware attacks with physical impact decreased slightly, while hacktivist attacks remained constant. The report’s cautious approach, focusing on public disclosures, likely underestimates the true threat. Notably, supply chain attacks showed up this year, and the report highlights emerging defensive developments.
Based on the meeting notes provided, the key takeaways are:
1. The “2024 Threat Report” by Waterfall Security Solutions and ICS Strive reveals a 19% increase in cyberattacks causing physical consequences in 2023 compared to the previous year. The report predicts a further increase of 90% to 100% in 2024.
2. The report primarily focuses on deliberate cyberattacks that caused physical consequences in building automation, heavy industry, manufacturing, and critical industrial infrastructures in the public record, excluding private or confidential disclosures. It is acknowledged that the report is an underestimation due to the exclusion of confidential disclosures.
3. The number of cyberattacks meeting the inclusion criteria has nearly doubled annually since 2019, marking a significant change from the period of 2010-2019 when OT attacks with physical consequences remained relatively flat.
4. The majority of the attacks (80%) were ransomware, with fewer attacks attributed to hacktivists, supply chain attacks, and a nation state.
5. Ransomware attacks causing physical operations to be impaired have decreased, potentially due to a shift in tactics by ransomware criminal groups to focus on stealing data and demanding ransoms to destroy the stolen data rather than encrypting and disabling systems.
6. Supply chain attacks with physical consequences have emerged, including instances of code embedded in trains and virtual reality headsets, leading to product lockouts.
7. The report highlights increasing challenges such as GPS blocking and spoofing, manufacturing businesses being targeted, hacktivists focusing on critical infrastructures, and the emergence of new defensive strategies such as the Cyber-Informed Engineering Strategy.
These key takeaways provide a clear understanding of the current cybersecurity threats and trends in the industrial and critical infrastructure sectors.